January 1, 2014
The Total Fraud loss in global payments was $11.2 Bn in 2012 up 14.6% from 2011 according to Nilson Report. Credit and Debit card frauds are increasing at an alarming rate. Nitesh Saxena, a professor of computer science at the University of Alabama, is working on a system that would verify payments by utilizing short sound recordings from within a store.
With this system, both the stores’ own terminal as well as the user’s NFC-enabled device would separately send sound clips of the background noise to the payment verifier. This effectively removes some of the theorized weaknesses in payments made via smartphone. With this type of a system, attacks such as the recent $40 Million breach on Target credit cards, can be prevented or atleast greatly reduced.
Our proposed approach can work under the current payment infrastructure. It is meant to defend specifically against the reader-and-ghost attacks which NFC payment systems are susceptible to. We call the NFC card (reader) under attack a valid card (reader), and call the tag (reader) controlled by the adversary as malicious card (reader), says the paper on Secure Proximity Detection for NFC Devices based on Ambient Sensor Data, by Nitesh Saxena, Tzipora Halevi, Di Ma and Tuo Xiang.
It further went on to add, This approach is geared for preventing reader-and-ghost attacks, and offer many advantages. First, it does not require the users to perform explicit actions during the underlying operation just bringing the devices close to each other is sufficient. Second, being based on environmental attributes, our approach makes it very hard, if not impossible, for the adversary to undermine the security of the system. Third, it provides a natural protection to users' location privacy as the explicit location information is never transmitted to the server.
Nitesh Saxena is an Associate Professor in the Department of Computer and Information Sciences at the University of Birmingham (UAB). He works in the computer and network security, and applied cryptography sectors. Nitesh serves as Co-Director of UAB’s MS program in Computer Forensics and Security Management (CFSM). He also runs his a research group along with his students called SPIES – Security and Privacy in Emerging Computing and Networking Systems. SPIES is supported by multiple grants from NSF, Google, Cisco, Intel, Nokia and Research in Motion.